ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

Melissa mutant threatens networks

May 28, 1999
Web posted at: 10:49 a.m. EDT (1449 GMT)

by Matthew Nelson

From...
InfoWorld

virus graphic

 MESSAGE BOARDS:
"Chernobyl" virus

Cyber-terrorism

How do you define a hacker?

  

(IDG) -- The Melissa virus, which swept across networks around the world last month, has popped up again in a mutated format, which may have occurred when it inadvertently came in contact with another virus.

The latest variation on the Melissa virus utilizes a macro virus to replicate itself across networks as the original did, but now changes the file extension of the Word document from .doc to a RTF format. This may effectively camouflage the virus from anti-virus systems that are looking only for the .doc version of the attack. The virus is not actually a RTF document, however, but is simply the Word file masquerading as a RTF file as RTF files cannot contain macro documents.

"An RTF file cannot contain macros, so it cannot contain macro viruses," said Sal Viveros, group marketing manager for Total Virus Defense at Network Associates, which was contacted about the virus by a user. "But with Word you can name your extensions any name you want, so all this virus writer did was change the list.doc in Melissa to list.rtf."

The RTF Melissa virus is similar to the CAP virus which was discovered in 1997 and altered .doc files to RTF files. CAP was summarily added to anti-virus application lists to be protected against, but the similarity of the two viruses, and the possible results of an interaction between the two, has also lead Viveros to speculate that the two viruses might have met and mutated in the wild.

If a system infected with CAP virus also contracted Melissa, then CAP could have altered the Melissa files to replicate as RTF files and the continued to spread the infection.

"It could have been that someone had the CAP virus on they system who got infected by Melissa," said Viveros. "Maybe it was accidental that this was changed to RTF."

However, there is no way to determine if this has been the case, according to Viveros. This new version of the Melissa virus is one of many copy cat viruses that have been discovered since the initial outbreak of the virus, which caught nationwide attention.

To protect against the latest version of Melissa, Network Associates and other anti-virus vendors recommend that users keep their anti-virus lists updated regularly and inform users of the dangers of opening suspicious macros, especially ones fitting the Melissa profile of "Important message from .."



SPECIAL:
Insurgency on the Internet

RELATED STORIES:
CIH virus antidote author defends his program
May 20, 1999
Network Associates ranks virus threats
April 23, 1999
Some Aptivas shipped with CIH virus
April 8, 1999
Massive e-mail virus outbreak spreads like wildfire
March 29, 1999
How to prepare yourself for the CIH 1.2 virus
March 12, 1999
Hardware-damaging virus is a worldwide problem
July 22, 1998

RELATED IDG.net STORIES:
Protect yourself from the next Melissa
(PCWorld)
'Melissa' a sign of problems to come, panelists told
(Federal Computer Week)
The meaning of the Melissa virus
(InfoWorld)
Gee, your virus smells like e-mail
(The Industry Standard)
Effective virus protection--cheap
(PCWorld)
Virus killers offer strong protection
(PCWorld)
Deadly 'Melissa' copycat virus can bring down networks
(Computerworld)
Year 2000 World
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
Network Associates Inc.
McAfee
Symantec
Trend Micro
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.